Why it matters: If you have WinRAR installed, make sure you've updated to the most recent version that patches a critical security vulnerability. Vulnerable versions are subject to malicious archive files that are booby trapped and now opportunistic hackers are using this attack vector to hit unknowingly vulnerable users before they can patch.

Download shortcut: WinRAR 5.70

Back in February, cybersecurity firm Check Point disclosed a vulnerability that's existed in WinRAR for some 19 years. The potential attack vector was a result of WinRAR's support for the outdated ACE archive format, whereby those with malicious intent could give an ACE file a .rar extension, and then use it as a booby trap to execute malicious code from a machine's startup folder after a reboot.

Rarlab issued a patch and statement, but those who are not using the most recent version are still at risk.

00 unique exploits and counting." One particular implementation targets Ariana Grande fans looking to bootleg the artist's popular album "Thank U, Next" by using a file named "Ariana_Grande-thank_u, _next (2019) _ [320] .rar" that is booby trapped with malicious code.

Other campaigns have been used to spread malware through the WinRAR exploit as well, as 360 Threat Intelligence Center has been documenting via Twitter.

Possibly the first malware delivered through mail to exploit WinRAR vulnerability. The backdoor is generated by MSF and written to the global startup folder by WinRAR if UAC is turned off.https: //t.co/bK0ngP2nIy

WinRAR has approximately 500 million users, most of which probably do not know about this vulnerability and that creates a desirable attack surface. This attack is bound to gain more traction in the future, so please share with your friends and family if you know they have WinRAR installed and grab the most recent version of the software.